IBM Software Group 
Managing and Replacing WebSphere 6.1 
SSL Certificates 
Brett Ostrander 
WebSphere® Support Technical Exchange
IBM Software Group | WebSphere software 
Agenda 
• Basic Design / Overview 
• Default 6.1 Configuration 
• Scope Settings 
• Certificate Expiration Management 
• Manually Replacing Certificates
Basic Design / Overview 
• No longer use the Dummy keys 
• Key Stores (key.p12) and Trust Stores (trust.p12) contain 
– Signer Certificates 
– Personal Certificates 
– Personal Certificate Requests 
• WebSphere® provides all of the needed key/trust stores
by default
• Self-signed certificates are created per profile by default
Basic Design / Overview 
• Certificate and key management is built into the Admin 
Console 
• Configurations are scoped at the level of cell, node, cluster, 
node group, server...
Default Configuration 
Key Stores and Trust Stores are managed via the Admin 
Console and stored in the configuration repository 
CellDefaultKeyStore is located in 
${CONFIG_ROOT}/cells/cell_name/key.p12 
CellDefaultTrustStore is located in 
${CONFIG_ROOT}/cells/cell_name/trust.p12 
Important: This is the Trust Store used by default in the entire cell
Default Configuration 
NodeDefaultKeyStore is in
${CONFIG_ROOT}/cells/cell_name/nodes/node_name/key.p12
NodeDefaultTrustStore is in
${CONFIG_ROOT}/cells/cell_name/nodes/node_name/trust.p12
NodeDefaultTrustStore is not used by default
Default Configuration 
Web Server’s KDB file is in
${CONFIG_ROOT}/config/cells/cell_name/nodes/node_name/servers/webserver/plugin-key.kdb
Scope Settings
• SSL configurations > NodeDefaultSSLSettings
Certificate Expiration Management
• WebSphere automatically (by default) scans all key stores
looking for certificates that will expire
• Any self-signed certificates that will expire within the configured
number of expiration notification days will be replaced
– if automatic synchronization is disabled, an outage will occur
– unmanaged webservers stop working
– communication may be broken with other servers in other cells, MQ,
etc.
– various other problems can also occur
• Consider disabling automatic certificate replacement
and generating your own certificates...
Manually Replacing Certificates 
• Run backupConfig on the Deployment Manager 
• Replace the Deployment Manager certificate 
In the Admin Console, go to Security > SSL certificate and key 
management > Key stores and certificates > CellDefaultKeyStore 
> Personal certificates > Create a self-signed certificate
• Enter the required attributes and Save the changes.
• Return to Security > SSL certificate and key management > Key 
stores and certificates > CellDefaultKeyStore > Personal 
certificates 
• Select the old certificate and Replace
• Accept your new certificate and Save
• On the next screen, select the old certificate and Delete
• Verify that a Signer Certificate was added to your 
CellDefaultTrustStore for your new personal certificate
• If for any reason the Signer Certificate was not added then you can 
do this manually
• Select the CellDefaultKeyStore and the CellDefaultTrustStore and 
click Exchange signers...
• Select and Add the new Signer Certificate
Manually Replacing Certificates 
• Replace the Node certificate 
Go to Security > SSL certificate and key management > Manage 
endpoint security configurations and Select the node
• Select Manage certificates
• Create a new self-signed certificate
• Enter the required attributes and Save the changes
• Return to Security > SSL certificate and key management > 
Manage endpoint security configurations and Select the node 
• Select Manage Certificates 
• Select the old certificate and click Replace
• Accept your new certificate and Save
• Return to the node Manage certificates page, select the old 
certificate and Delete
• Verify that a Signer Certificate was added to your 
CellDefaultTrustStore for your new Personal Certificate
• If for any reason the Signer Certificate was not added then you can 
do this manually 
• Select the NodeDefaultKeyStore and the CellDefaultTrustStore and 
click Exchange signers...
• Select and Add the new Signer Certificate
Manually Replacing Certificates 
• Delete the old Signer Certificates and Extract the new ones
• Extract each certificate
• Enter a File Name that corresponds to the certificate. For example, 
node1.arm 
• These files are saved to the profile_root/Dmgr/etc directory
Manually Replacing Certificates 
• Add the Signer Certificates for each node to the 
plugin-key.kdb 
Go to Servers > Web servers > webserver_name > Plug-in
properties > Manage keys and certificates > Signer
certificates > Add
• Enter a unique Alias Name and then specify the File Name that you 
created previously
• Repeat this for each of the new certificates (the cell signer and all of 
the node signers) 
• Manually copy the plugin-key.kdb from the local configuration to the 
webserver 
• Important Note: Depending on your configuration you may not be 
able to perform the previous steps with the console. If the fields are 
greyed out and/or you are unable to manage your plugin-key.kdb 
from the console you will need to use IKEYMAN to manually add the 
certificates
Manually Replacing Certificates 
• For all profiles, when these self-signed certificates are 
initially created they are also added into the key.p12 and 
trust.p12 in the ${PROFILE_ROOT}/etc directory. These key 
stores are used by clients (for example, wsadmin) started 
from this profile 
• These certificates provide them with the trust needed to 
communicate with servers in the same profile without 
requiring any signer exchanges to occur
Manually Replacing Certificates 
• Whenever changes are made to the server certificates after
the initial profile creation, the trust.p12 in ${PROFILE_ROOT}/etc
will need to be updated
• If client authentication is enabled on the server, the
key.p12 in ${PROFILE_ROOT}/etc will need to be updated also
Manually Replacing Certificates 
• Manually replace the trust.p12 in each of the /etc directories
– Copy the ${CONFIG_ROOT}/cells/cell_name/trust.p12 to the
profile_root/Dmgr/etc directory
– Copy the ${CONFIG_ROOT}/cells/cell_name/trust.p12 to the
profile_root/Appsrv/etc directory and repeat for each node in the cell
• If needed, replace the key.p12 files also
– Copy the ${CONFIG_ROOT}/cells/cell_name/key.p12 to the
profile_root/Dmgr/etc directory
– Copy the ${CONFIG_ROOT}/cells/cell_name/nodes/node_name/key.p12
to the corresponding profile_root/Appsrv/etc directory and repeat for
each node in the cell
Reference Articles 
• IBM WebSphere Developer Technical Journal: SSL, 
certificate, and key management enhancements for even 
stronger security in WebSphere Application Server V6.1 
• Manually Replacing SSL Certificates in V6.1
Additional WebSphere Product Resources
• Discover the latest trends in WebSphere Technology and implementation, participate in
technically-focused briefings, webcasts and podcasts at:
http://www.ibm.com/developerworks/websphere/community/
• Learn about other upcoming webcasts, conferences and events:
http://www.ibm.com/software/websphere/events_1.html
• Join the Global WebSphere User Group Community: http://www.websphere.org
• Access key product show-me demos and tutorials by visiting IBM® Education Assistant:
http://www.ibm.com/software/info/education/assistant
• View a Flash replay with step-by-step instructions for using the Electronic Service Request (ESR)
tool for submitting problems electronically:
http://www.ibm.com/software/websphere/support/d2w.html
• Sign up to receive weekly technical My support emails:
http://www.ibm.com/software/support/einfo.html
Questions and Answers
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Lionel Briand
 
PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025PDF Reader Pro Crack Latest Version FREE Download 2025
PDF Reader Pro Crack Latest Version FREE Download 2025
mu394968
 
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG:  Efficient Knowledge Retrieval for Enterprise AIScaling GraphRAG:  Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
danshalev
 
How to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud PerformanceHow to Optimize Your AWS Environment for Improved Cloud Performance
How to Optimize Your AWS Environment for Improved Cloud Performance
ThousandEyes
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Salesforce Data Cloud- Hyperscale data platform, built for Salesforce.
Dele Amefo
 
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage DashboardsAdobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
Adobe Marketo Engage Champion Deep Dive - SFDC CRM Synch V2 & Usage Dashboards
BradBedford3
 

Managing WebSphere Application Server certificates

  • 1. IBM Software Group: Managing and Replacing WebSphere 6.1 SSL Certificates. Brett Ostrander, WebSphere® Support Technical Exchange
  • 2. Agenda
      • Basic Design / Overview
      • Default 6.1 Configuration
      • Scope Settings
      • Certificate Expiration Management
      • Manually Replacing Certificates
  • 3. Basic Design / Overview
      • No longer use the Dummy keys
      • Key Stores (key.p12) and Trust Stores (trust.p12) contain
          – Signer Certificates
          – Personal Certificates
          – Personal Certificate Requests
      • WebSphere® provides all of the needed key/trust stores by default
      • Self-signed certificates are created per profile by default
  • 4. Basic Design / Overview
      • Certificate and key management is built into the Admin Console
      • Configurations are scoped at the level of cell, node, cluster, node group, server...
  • 6. Default Configuration
      • Key Stores and Trust Stores are managed via the Admin Console and stored in the configuration repository
      • CellDefaultKeyStore is located in ${CONFIG_ROOT}/cells/cell_name/key.p12
      • CellDefaultTrustStore is located in ${CONFIG_ROOT}/cells/cell_name/trust.p12
      • Important: This is the Trust Store used by default in the entire cell
  • 7. Default Configuration
      • NodeDefaultKeyStore is in ${CONFIG_ROOT}/cells/cell_name/nodes/node_name/key.p12
      • NodeDefaultTrustStore is in ${CONFIG_ROOT}/cells/cell_name/nodes/node_name/trust.p12
      • NodeDefaultTrustStore is not used by default
  • 8. Default Configuration
      • Web Server’s KDB file is in ${CONFIG_ROOT}/config/cells/cell_name/nodes/node_name/servers/webserver/plugin-key.kdb
  • 9. Scope Settings
  • 10. SSL configurations > NodeDefaultSSLSettings
  • 11. Certificate Expiration Management
      • WebSphere automatically (by default) scans all key stores looking for certificates that will expire
      • Any self-signed certificates that will expire within the configured number of expiration notification days will be replaced
          – if automatic synchronization is disabled, an outage will occur
          – unmanaged webservers stop working
          – communication may be broken with other servers in other cells, MQ, etc.
          – various other problems can also occur
      • Consider disabling automatic certificate replacement and generating your own certificates...
  • 13. Manually Replacing Certificates
      • Run backupConfig on the Deployment Manager
      • Replace the Deployment Manager certificate: in the Admin Console, go to Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates > Create a self-signed certificate
  • 14. Enter the required attributes and Save the changes.
  • 15. Return to Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates
      • Select the old certificate and Replace
  • 16. Accept your new certificate and Save
  • 17. On the next screen, select the old certificate and Delete
  • 18. Verify that a Signer Certificate was added to your CellDefaultTrustStore for your new personal certificate
  • 20. If for any reason the Signer Certificate was not added then you can do this manually
  • 21. Select the CellDefaultKeyStore and the CellDefaultTrustStore and click Exchange signers...
  • 22. Select and Add the new Signer Certificate
  • 23. Manually Replacing Certificates
      • Replace the Node certificate: go to Security > SSL certificate and key management > Manage endpoint security configurations and Select the node
  • 24. Select Manage certificates
  • 25. Create a new self-signed certificate
  • 26. Enter the required attributes and Save the changes
  • 27. Return to Security > SSL certificate and key management > Manage endpoint security configurations and Select the node
      • Select Manage Certificates
      • Select the old certificate and click Replace
  • 28. Accept your new certificate and Save
  • 29. Return to the node Manage certificates page, select the old certificate and Delete
  • 30. Verify that a Signer Certificate was added to your CellDefaultTrustStore for your new Personal Certificate
  • 32. If for any reason the Signer Certificate was not added then you can do this manually
      • Select the NodeDefaultKeyStore and the CellDefaultTrustStore and click Exchange signers...
  • 33. Select and Add the new Signer Certificate
  • 34. Manually Replacing Certificates
      • Delete the old Signer Certificates and Extract the new ones
  • 36. Extract each certificate
  • 37. Enter a File Name that corresponds to the certificate. For example, node1.arm
      • These files are saved to the profile_root/Dmgr/etc directory
  • 38. Manually Replacing Certificates
      • Add the Signer Certificates for each node to the plugin-key.kdb: go to Servers > Web servers > webserver_name > Plug-in properties > Manage keys and certificates > Signer certificates > Add
  • 39. Enter a unique Alias Name and then specify the File Name that you created previously
  • 40. Repeat this for each of the new certificates (the cell signer and all of the node signers)
      • Manually copy the plugin-key.kdb from the local configuration to the webserver
      • Important Note: Depending on your configuration you may not be able to perform the previous steps with the console. If the fields are greyed out and/or you are unable to manage your plugin-key.kdb from the console, you will need to use IKEYMAN to manually add the certificates
  • 41. Manually Replacing Certificates
      • For all profiles, when these self-signed certificates are initially created they are also added into the key.p12 and trust.p12 in the ${PROFILE_ROOT}/etc directory. These key stores are used by clients (for example, wsadmin) started from this profile
      • These certificates provide them with the trust needed to communicate with servers in the same profile without requiring any signer exchanges to occur
  • 42. Manually Replacing Certificates
      • Whenever changes are made to the server certificates after the initial profile creation, the ${PROFILE_ROOT}/etc/trust.p12 will need to be updated
      • If client authentication is enabled on the server, the ${PROFILE_ROOT}/etc/key.p12 will need to be updated also
  • 43. Manually Replacing Certificates
      • Manually replace the trust.p12 in each of the /etc directories
          – Copy the ${CONFIG_ROOT}/cells/cell_name/trust.p12 to the profile_root/Dmgr/etc directory
          – Copy the ${CONFIG_ROOT}/cells/cell_name/trust.p12 to the profile_root/Appsrv/etc directory and repeat for each node in the cell
      • If needed, replace the key.p12 files also
          – Copy the ${CONFIG_ROOT}/cells/cell_name/key.p12 to the profile_root/Dmgr/etc directory
          – Copy the ${CONFIG_ROOT}/cells/cell_name/nodes/node_name/key.p12 to the corresponding profile_root/Appsrv/etc directory and repeat for each node in the cell
  • 44. Reference Articles
      • IBM WebSphere Developer Technical Journal: SSL, certificate, and key management enhancements for even stronger security in WebSphere Application Server V6.1
      • Manually Replacing SSL Certificates in V6.1
  • 45. Additional WebSphere Product Resources
      • Discover the latest trends in WebSphere Technology and implementation, participate in technically-focused briefings, webcasts and podcasts at: http://www.ibm.com/developerworks/websphere/community/
      • Learn about other upcoming webcasts, conferences and events: http://www.ibm.com/software/websphere/events_1.html
      • Join the Global WebSphere User Group Community: http://www.websphere.org
      • Access key product show-me demos and tutorials by visiting IBM® Education Assistant: http://www.ibm.com/software/info/education/assistant
      • View a Flash replay with step-by-step instructions for using the Electronic Service Request (ESR) tool for submitting problems electronically: http://www.ibm.com/software/websphere/support/d2w.html
      • Sign up to receive weekly technical My support emails: http://www.ibm.com/software/support/einfo.html
  • 46. Questions and Answers
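
The trust.p12 / key.p12 copy step from slides 42 and 43 can be scripted so that stale client copies are detected, backed up, and replaced in one pass. This is an added example, not part of the original slides or of any IBM tooling; the function name `sync_store` and every path passed to it are assumptions for illustration.

```shell
#!/bin/sh
# Added example: push a cell-level store (trust.p12 or key.p12) into the
# etc directory of each profile, as described on slides 42-43.
# Usage (paths are placeholders for your own layout):
#   sync_store "$CONFIG_ROOT/cells/cell_name/trust.p12" \
#              profile_root/Dmgr/etc profile_root/Appsrv/etc

# sync_store SRC ETC_DIR [ETC_DIR...]
# Replaces ETC_DIR/<basename of SRC> when its contents differ from SRC,
# keeping a timestamped backup of the file being replaced.
# Sets SYNC_UPDATED to the number of directories changed and
# returns non-zero if any directory could not be processed.
sync_store() {
    src=$1; shift
    SYNC_UPDATED=0
    rc=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    name=$(basename "$src")
    stamp=$(date +%Y%m%d%H%M%S)
    for etc in "$@"; do
        dst=$etc/$name
        if [ ! -d "$etc" ]; then
            echo "skip: $etc is not a directory" >&2; rc=1; continue
        fi
        # Byte-for-byte identical means this profile already trusts the new signers.
        if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
            echo "current: $dst"
            continue
        fi
        # Keep the old store so the change can be rolled back.
        if [ -f "$dst" ]; then
            cp -p "$dst" "$dst.$stamp.bak" || { rc=1; continue; }
        fi
        # Copy to a temporary name and rename, so a client such as wsadmin
        # never opens a partially written store.
        tmp=$dst.tmp.$$
        if cp "$src" "$tmp" && mv "$tmp" "$dst" && cmp -s "$src" "$dst"; then
            echo "updated: $dst"
            SYNC_UPDATED=$((SYNC_UPDATED + 1))
        else
            rm -f "$tmp"; echo "FAILED: $dst" >&2; rc=1
        fi
    done
    return $rc
}
```

Run it once for trust.p12 and, if client authentication is enabled, again for each key.p12 with the matching profile directory.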